[K12OSN] smbldap - adding ldap users to local groups

Rob Owens rowens at bio-chemvalve.com
Thu Oct 25 17:43:52 UTC 2007


Steven Santos wrote:
> So you are looking for something like IDMAP in SAMBA to map LDAP group names
> to local group names, without the numbers needing to match, 
Yes, I think so...

> or more to the
> point, the machine being able to say to the LDAP database "I am a
> CentOS/RedHat/Whatever machine, the correct gid for the FUSE group is...?"
> and to get the proper mapping that way.
I wouldn't need any logic like this built in if I could simply do this:
1) create an LDAP group called "ldapcdrom"
2) add millions of LDAP users to the ldapcdrom group
3) on a Debian machine, make "ldapcdrom" a member of the local group "cdrom"
4) on a CentOS machine, make "ldapcdrom" a member of the local group "disk"
5) *not* have to add millions of LDAP users to each local group
("cdrom", "disk", etc)

That way I decide which local group matches up with which ldap group,
but I only have to establish that relationship once on each machine.
Unfortunately, local groups do not seem to accept other groups as
members -- they only accept users.  That is what my testing suggests,
anyway.

-Rob



